feature-forge
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill implements a workflow that ingests untrusted data from external sources and uses it to drive high-privilege operations.
- Ingestion points: Step 1 directs the agent to read issue descriptions and specification documents (SKILL.md).
- Boundary markers: The skill lacks delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The agent can write code (Step 4) and modify project memory (Step 5).
- Sanitization: Input is processed without validation or sanitization before impacting output or persistent state.
Recommendations
- AI detected serious security threats
Audit Metadata